ComboFix 07-10-17.8 - ^Mateusz^ 2007-10-17 22:37:29.1 - NTFSx86 
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.605 [GMT 2:00]
Running from: C:\Documents and Settings\^Mateusz^\Pulpit\—ci¥gni©te\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\optnet.dll
C:\WINDOWS\rs.txt

.
(((((((((((((((((((((((((   Files Created from 2007-09-17 to 2007-10-17  )))))))))))))))))))))))))))))))
.

2007-10-17 22:36	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-10-17 21:44	1,506	--a------	C:\WINDOWS\system32\tmp.reg
2007-10-17 21:43	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
2007-10-17 21:43	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
2007-10-17 21:43	53,248	--a------	C:\WINDOWS\system32\Process.exe
2007-10-17 21:43	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
2007-10-17 21:43	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe
2007-10-17 19:35	<DIR>	d--------	C:\Program Files\Trojan Remover
2007-10-17 19:35	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2007-10-17 19:35	162,304	--a------	C:\WINDOWS\system32\ztvunrar36.dll
2007-10-17 19:35	153,088	--a------	C:\WINDOWS\system32\UNRAR3.dll
2007-10-17 19:35	77,312	--a------	C:\WINDOWS\system32\ztvunace26.dll
2007-10-17 19:35	75,264	--a------	C:\WINDOWS\system32\unacev2.dll
2007-10-17 19:35	69,632	--a------	C:\WINDOWS\system32\ztvcabinet.dll
2007-10-17 19:23	<DIR>	d--------	C:\Program Files\SkanerOnline
2007-10-17 19:11	<DIR>	d--------	C:\Program Files\Panda Security
2007-10-17 15:18	<DIR>	d--------	C:\Program Files\ygwowslc
2007-10-17 15:18	126,976	--a------	C:\Documents and Settings\All Users\Dane aplikacji\zyfslars.dll
2007-10-17 15:11	270,336	--a------	C:\WINDOWS\ntspknlg.dll
2007-10-17 15:11	257,536	--a------	C:\WINDOWS\hostctrl.dll
2007-10-17 15:11	33,280	--a------	C:\WINDOWS\nmcuninstall.exe
2007-10-15 16:40	<DIR>	d--hs----	C:\found.006
2007-10-11 18:06	<DIR>	d--------	C:\Documents and Settings\Mama\Dane aplikacji\Super-Cow
2007-10-11 18:05	<DIR>	d--------	C:\Program Files\Supercow
2007-10-10 05:43	582,656	-----c---	C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-10 05:38	<DIR>	d--hs----	C:\found.005
2007-10-04 18:31	327,168	--a------	C:\WINDOWS\IsUn0415.exe
2007-10-04 18:31	228,352	-ra------	C:\WINDOWS\system32\DECO_32.DLL
2007-10-04 18:31	17,920	--a------	C:\WINDOWS\system32\IMPLODE.DLL
2007-10-04 18:25	<DIR>	d--------	C:\Program Files\Common Files\Borland Shared
2007-10-04 18:25	210,032	--a------	C:\WINDOWS\system32\DBCLIENT.DLL
2007-10-03 20:20	<DIR>	d--------	C:\Program Files\Common Files\PocketSoft
2007-10-03 20:20	197,120	--a------	C:\WINDOWS\patchw32.dll
2007-10-01 18:18	<DIR>	d--------	C:\Program Files\Magic Tea
2007-10-01 18:04	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\FireGlow
2007-10-01 16:20	<DIR>	d--hs----	C:\WINDOWS\ftpcache
2007-09-27 00:45	<DIR>	d--------	C:\Program Files\Chicken Invaders 2
2007-09-24 18:50	<DIR>	d--------	C:\Program Files\SuperAudiotool
2007-09-24 18:50	<DIR>	d--------	C:\My Music
2007-09-24 18:50	3,082	--a------	C:\WINDOWS\system32\affv11300p4now.sys
2007-09-24 18:50	5	--a------	C:\WINDOWS\system32\SySVid.dat
2007-09-24 16:58	4,096	--a------	C:\WINDOWS\d3dx.dat
2007-09-23 17:05	<DIR>	d--------	C:\Program Files\Hero Editor
2007-09-23 17:05	249,856	---------	C:\WINDOWS\Setup1.exe
2007-09-23 17:05	73,216	--a------	C:\WINDOWS\ST6UNST.EXE
2007-09-23 08:53	43,520	--a------	C:\WINDOWS\system32\CmdLineExt03.dll
2007-09-23 07:23	21,840	--a----t-	C:\WINDOWS\system32\SIntfNT.dll
2007-09-23 07:23	17,212	--a----t-	C:\WINDOWS\system32\SIntf32.dll
2007-09-23 07:23	12,067	--a----t-	C:\WINDOWS\system32\SIntf16.dll
2007-09-23 07:14	106,496	--a------	C:\WINDOWS\DIIUnin.exe
2007-09-23 07:14	29,564	--a------	C:\WINDOWS\DIIUnin.dat
2007-09-23 07:14	2,829	--a------	C:\WINDOWS\DIIUnin.pif
2007-09-21 15:30	<DIR>	d--------	C:\Program Files\Microsoft.NET
2007-09-21 15:29	<DIR>	d--------	C:\Program Files\Microsoft Visual Studio 8
2007-09-21 15:29	<DIR>	d--------	C:\Program Files\Common Files\Merge Modules
2007-09-21 06:20	<DIR>	d--------	C:\Program Files\Microsoft SQL Server
2007-09-17 14:04	3,727,720	--a------	C:\WINDOWS\system32\d3dx9_35.dll
2007-09-17 14:04	1,358,192	--a------	C:\WINDOWS\system32\D3DCompiler_35.dll
2007-09-17 14:04	444,776	--a------	C:\WINDOWS\system32\d3dx10_35.dll
2007-09-17 14:04	267,112	--a------	C:\WINDOWS\system32\xactengine2_9.dll
2007-09-17 09:54	<DIR>	d--------	C:\Documents and Settings\Mama\Dane aplikacji\ForgottenRiddles

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 20:39	4,718,592	---ha-w	C:\Documents and Settings\^Mateusz^\NTUSER.DAT
2007-10-17 19:01	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-17 17:35	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\Simply Super Software
2007-10-17 13:25	---------	d-----w	C:\Program Files\Windows Media Connect 2
2007-10-17 13:24	---------	d-----w	C:\Program Files\Codec Pack - All In 1
2007-10-14 10:55	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\Skype
2007-10-10 16:26	---------	d-s---w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\Microsoft
2007-10-10 12:10	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-10-03 13:31	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\Atari
2007-10-03 13:25	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\Leadertech
2007-10-03 12:17	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\uTorrent
2007-09-23 16:56	19,024	----a-w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-09-21 13:48	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-09-20 18:02	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\fretsonfire
2007-09-17 13:05	---------	d-----w	C:\Program Files\Wise Registry Cleaner
2007-09-15 21:45	---------	d-----w	C:\Program Files\Lavasoft
2007-09-15 21:43	---------	d-----w	C:\Program Files\RegCleaner
2007-09-15 21:36	---------	d-----w	C:\Program Files\CodeStuff
2007-09-15 21:34	---------	d-----w	C:\Program Files\Paper Chase 2
2007-09-15 21:25	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\iolo
2007-09-15 21:25	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\iolo
2007-09-15 21:12	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-09-15 08:43	---------	d-----w	C:\Program Files\AtomixMP3
2007-09-15 08:39	---------	d-----w	C:\Program Files\Carrot
2007-09-14 10:24	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\BearShare
2007-09-13 17:34	---------	d-----w	C:\Program Files\Mp3 Knife
2007-09-13 17:20	---------	d-----w	C:\Program Files\FREE Hi-Q Recorder
2007-09-13 17:16	---------	d-----w	C:\Program Files\Sony Ericsson
2007-09-13 17:16	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2007-09-13 17:15	---------	d-----w	C:\Program Files\Intuwave Ltd
2007-09-11 14:38	---------	d-----w	C:\Documents and Settings\Mama\Dane aplikacji\Darwin
2007-09-11 14:09	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\FreshGames
2007-09-10 18:27	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\Hewlett-Packard
2007-09-10 18:26	---------	d-----w	C:\Program Files\Hewlett-Packard
2007-09-10 18:25	82,380	----a-w	C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-09-10 18:17	---------	d-----w	C:\Program Files\Common Files\Hewlett-Packard
2007-09-06 10:05	94,416	----a-w	C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05	92,848	----a-w	C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03	23,152	----a-w	C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02	42,912	----a-w	C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00	26,624	----a-w	C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-05 19:06	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\IGN_DLM
2007-09-02 18:36	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\ScreenSeven
2007-08-31 18:30	---------	d-----w	C:\Program Files\Skype
2007-08-31 18:30	---------	d-----w	C:\Program Files\Common Files\Skype
2007-08-31 18:30	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-08-29 14:15	271,360	----a-w	C:\WINDOWS\system32\drivers\atksgt.sys
2007-08-29 14:15	18,048	----a-w	C:\WINDOWS\system32\drivers\lirsgt.sys
2007-08-29 13:25	163,644	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-28 15:45	685,816	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2007-08-28 08:18	---------	d-----w	C:\Program Files\ATI Technologies
2007-08-26 20:30	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\gtopala
2007-08-26 09:28	---------	d-----w	C:\Documents and Settings\Mama\Dane aplikacji\Corel
2007-08-25 13:24	---------	d-----w	C:\Program Files\Vimicro
2007-08-25 09:42	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\Help
2007-08-24 13:44	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Sandlot Games
2007-08-23 16:05	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\mbin.jp
2007-08-22 17:17	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\Subversion
2007-08-20 17:51	---------	d-----w	C:\Documents and Settings\Mama\Dane aplikacji\DiVision Studios XAvenger
2007-08-20 14:25	---------	d-----w	C:\Program Files\MSXML 4.0
2007-08-19 08:54	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-08-19 08:53	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-08-19 08:53	---------	d-----w	C:\Documents and Settings\^Mateusz^\Dane aplikacji\Corel
2007-08-18 15:32	---------	d-----w	C:\Program Files\Common Files\DirectX
2007-07-20 17:23	737,280	----a-w	C:\WINDOWS\iun6002.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="E:\Programy\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 21:05]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-09-30 19:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:44]
"Gadu-Gadu"="E:\Programy\Gadu-Gadu\gg.exe" [2007-07-09 09:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hostctrl"= {3147D8FA-0627-4635-9A0E-75F64A39E8DA} - C:\WINDOWS\hostctrl.dll [2007-10-17 11:57 257536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
E:\Programy\Winamp\winampa.exe


.
Contents of the 'Scheduled Tasks' folder
"2007-10-10 18:27:03 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1189448782.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 22:41:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-10-17 22:42:55 - machine was rebooted 
.
	--- E O F ---